CIA Malware Unveiled

Since early 2017, the whistleblower website WikiLeaks has been publishing secret CIA documents, along with the malware the agency uses to take control of all sorts of electronic devices.

In the ongoing Vault 7 series, WikiLeaks has recently published documents from CIA contractor Raytheon Blackbird Technologies.

The leaked documents were submitted to the CIA between 21st Nov 2014 and 11th Sep 2015 and contain proof-of-concept assessments of malware attack vectors. Raytheon acted as a technology scout for the CIA’s Remote Development Branch (RDB), recommending samples to the CIA teams for further research and malware development.

The 5 malware samples described in the leaked CIA-Raytheon documents are:

1. HTTPBrowser RAT

The first document introduces a new variant of the HTTPBrowser Remote Access Tool (RAT). The malware’s dropper carries a zip file that contains 3 files. The RAT captures keystrokes and writes them to a file, and it communicates continuously with its command and control (C&C) server in clear text.

2. NfLog

The NfLog RAT is also known as IsSpace. This new variant is deployed using the leaked Hacking Team Adobe Flash exploit for CVE-2015-5122. For C&C communications, NfLog also uses Google App Engine. It additionally attempts a UAC (User Account Control) bypass to escalate privileges on Windows.

3. Regin

Regin is a sophisticated malware family that has been in use since as early as 2008, with a new iteration appearing in 2013. What sets Regin apart is its modular architecture, which gives the attackers flexibility.

It can also hide itself from detection. A Regin attack is carried out in 5 stages, the last of which provides functions such as file system access, networking, event logging, port loading and rootkit capabilities.

4. HammerToss

HammerToss is probably Russian-sponsored malware. It uses compromised websites, GitHub, Twitter accounts and cloud storage for its C&C functions. Written in C#, HammerToss uses a dedicated program to create new Twitter accounts, which it then uses to issue commands and retrieve the data uploaded from the victim.

5. Gamker

Gamker is an information-stealing Trojan that uses self-code injection to avoid writing anything to disk. It also gains a degree of obfuscation by using assembly-language instructions in its hooking routine.

FossBytes.com:
